CVE-2022-41951 - OpenCVE

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oroinc	Oroplatform

Configuration 1 [-]

cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-27T20:27:33.911Z

Updated: 2024-08-03T12:56:38.599Z

Reserved: 2022-09-30T16:38:28.944Z

Link: CVE-2022-41951

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-27T21:15:07.553

Modified: 2023-12-04T18:28:54.857

Link: CVE-2022-41951

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41951", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-09-30T16:38:28.944Z", "datePublished": "2023-11-27T20:27:33.911Z", "dateUpdated": "2024-08-03T12:56:38.599Z"}, "containers": {"cna": {"title": "OroPlatform vulnerable to path traversal during temporary file manipulations", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937"}], "affected": [{"vendor": "oroinc", "product": "platform", "versions": [{"version": ">= 4.1.0, <= 4.1.13", "status": "affected"}, {"version": ">= 4.2.0, <= 4.2.10", "status": "affected"}, {"version": " >= 5.0.0, < 5.0.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-27T20:27:33.911Z"}, "descriptions": [{"lang": "en", "value": "OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\\Bundle\\GaufretteBundle\\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9."}], "source": {"advisory": "GHSA-9v3j-4j64-p937", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.599Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*", "matchCriteriaId": "1124E7EE-1C8D-4B17-8803-81B7BF744F83", "versionEndExcluding": "5.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\\Bundle\\GaufretteBundle\\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9."}, {"lang": "es", "value": "OroPlatform es Business Application Platform (BAP) PHP dise\u00f1ada para hacer que el desarrollo de aplicaciones empresariales personalizadas sea m\u00e1s f\u00e1cil y r\u00e1pido. El Path Traversal es posible en `Oro\\Bundle\\GaufretteBundle\\FileManager::getTemporaryFileName`. Con este m\u00e9todo, un atacante puede pasar la ruta a un archivo inexistente, lo que permitir\u00e1 escribir el contenido en un archivo nuevo que estar\u00e1 disponible durante la ejecuci\u00f3n del script. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 5.0.9."}], "id": "CVE-2022-41951", "lastModified": "2023-12-04T18:28:54.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-27T21:15:07.553", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}